[INJIMOB-2369] authorization endpoint discovery through auth server wellknown (#1706)

* [INJIMOB-2369] get authorization endpoint from auth server wellknown Replace hardcoded authorization endpoint (authorization_servers[0] + '/authorize') to fetching from oauth-authorization-server well-known Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com> * [INJIMOB-2369] handle error scenarios for authz url discovery For getting the authorization_endpoint as per Wallet's support, as of now we are getting the first entry of authorization_server and fetching the authorization server metadata. In this metadata if grant type is not authorization_code, its considered as error scenario In case of error while fetching authorization endpoint from Authorization server, - Network error -> No internet error screen - oauth-authorization-server well-known's supported grant types is not supported by Wallet -> Grant type not supported error - Others -> Generic error screen Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com> * [INJIMOB-2369] add locales support for grantTypeNotSupperted error Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com> * [INJIMOB-2369]: remove unused url Signed-off-by: Alka Prasad <prasadalka1998@gmail.com> * [INJIMOB-2369] modify cache key of issuer authorization server metadata Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com> --------- Signed-off-by: KiruthikaJeyashankar <kiruthikavjshankar@gmail.com> Signed-off-by: Alka Prasad <prasadalka1998@gmail.com> Co-authored-by: Alka Prasad <prasadalka1998@gmail.com>
2026-01-10 14:07:59 -05:00 · 2024-11-29 15:42:04 +05:30
parent d58f167fad
commit b68c69151d
16 changed files with 195 additions and 24 deletions
--- a/components/ui/Error.tsx
+++ b/components/ui/Error.tsx
@@ -14,7 +14,11 @@ export const Error: React.FC<ErrorProps> = props => {
  const errorContent = () => {
    return (
      <Fragment>
-        <View style={[{alignItems: 'center'}, props.customStyles]}>
+        <View
+          style={[
+            {alignItems: 'center', marginHorizontal: 1},
+            props.customStyles,
+          ]}>
          <View>
            <Row
              align="center"
--- a/locales/ara.json
+++ b/locales/ara.json
@@ -224,6 +224,10 @@
        "title": "حدث خطأ!",
        "message": "شكرًا على صبرك! نحن نواجه صعوبات تقنية في الوقت الحالي. يُرجى المحاولة مرة أخرى لاحقًا أو الاتصال بالمسؤول للحصول على مزيد من المساعدة!"
      },
+      "authorizationGrantTypeNotSupportedByWallet": {
+        "title": "نوع المنحة غير مدعوم خطأ في التفويض!",
+        "message": "شكرًا على صبرك! نحن نواجه صعوبات تقنية في الوقت الحالي. يُرجى المحاولة مرة أخرى لاحقًا أو الاتصال بالمسؤول للحصول على مزيد من المساعدة!"
+      },
      "verificationFailed": {
        "title": "حدث خطأ!",
        "goBackButton": "عُد",
--- a/locales/en.json
+++ b/locales/en.json
@@ -225,6 +225,10 @@
        "title": "An error occurred!",
        "message": "Thanks for your patience! We're experiencing technical difficulties right now. Please try again later or contact the admin for further assistance!"
      },
+      "authorizationGrantTypeNotSupportedByWallet": {
+        "title": "Grant type not supported authorization error!",
+        "message": "Thanks for your patience! We're experiencing technical difficulties right now. Please try again later or contact the admin for further assistance!"
+      },
      "verificationFailed": {
        "title": "An Error Occurred!",
        "goBackButton": "Go Back",
--- a/locales/fil.json
+++ b/locales/fil.json
@@ -224,6 +224,10 @@
        "title": "May naganap na error!",
        "message": "Salamat sa iyong pasensya! Nakakaranas kami ng mga teknikal na paghihirap ngayon. Pakisubukang muli mamaya o makipag-ugnayan sa admin para sa karagdagang tulong!"
      },
+      "authorizationGrantTypeNotSupportedByWallet": {
+        "title": "Ang uri ng grant ay hindi sinusuportahan ng error sa pahintulot!",
+        "message": "Salamat sa iyong pasensya! Nakakaranas kami ng mga teknikal na paghihirap ngayon. Pakisubukang muli mamaya o makipag-ugnayan sa admin para sa karagdagang tulong!"
+      },
      "verificationFailed": {
        "title": "May pagkakamaling naganap!",
        "goBackButton": "Bumalik ka",
--- a/locales/hin.json
+++ b/locales/hin.json
@@ -225,6 +225,10 @@
        "title": "एक त्रुटि पाई गई!",
        "message": "आपके धैर्य के लिए धन्यवाद! हम अभी तकनीकी समस्याओं का सामना कर रहे हैं। कृपया बाद में पुनः प्रयास करें या आगे की सहायता के लिए व्यवस्थापक से संपर्क करें!"
      },
+      "authorizationGrantTypeNotSupportedByWallet": {
+        "title": "अनुदान प्रकार समर्थित नहीं प्राधिकरण त्रुटि!",
+        "message": "आपके धैर्य के लिए धन्यवाद! हम अभी तकनीकी समस्याओं का सामना कर रहे हैं। कृपया बाद में पुनः प्रयास करें या आगे की सहायता के लिए व्यवस्थापक से संपर्क करें!"
+      },
      "verificationFailed": {
        "title": "एक त्रुटि पाई गई!",
        "goBackButton": "वापस जाओ",
--- a/locales/kan.json
+++ b/locales/kan.json
@@ -224,6 +224,10 @@
        "title": "ದೋಷ ಸಂಭವಿಸಿದೆ!",
        "message": "ನಿಮ್ಮ ತಾಳ್ಮೆಗೆ ಧನ್ಯವಾದಗಳು! ನಾವು ಇದೀಗ ತಾಂತ್ರಿಕ ತೊಂದರೆಗಳನ್ನು ಎದುರಿಸುತ್ತಿದ್ದೇವೆ. ದಯವಿಟ್ಟು ನಂತರ ಮತ್ತೆ ಪ್ರಯತ್ನಿಸಿ ಅಥವಾ ಹೆಚ್ಚಿನ ಸಹಾಯಕ್ಕಾಗಿ ನಿರ್ವಾಹಕರನ್ನು ಸಂಪರ್ಕಿಸಿ!"
      },
+      "authorizationGrantTypeNotSupportedByWallet": {
+        "title": "ಅನುದಾನದ ಪ್ರಕಾರವನ್ನು ಬೆಂಬಲಿಸುವುದಿಲ್ಲ ದೃಢೀಕರಣ ದೋಷ!",
+        "message": "ನಿಮ್ಮ ತಾಳ್ಮೆಗೆ ಧನ್ಯವಾದಗಳು! ನಾವು ಇದೀಗ ತಾಂತ್ರಿಕ ತೊಂದರೆಗಳನ್ನು ಎದುರಿಸುತ್ತಿದ್ದೇವೆ. ದಯವಿಟ್ಟು ನಂತರ ಮತ್ತೆ ಪ್ರಯತ್ನಿಸಿ ಅಥವಾ ಹೆಚ್ಚಿನ ಸಹಾಯಕ್ಕಾಗಿ ನಿರ್ವಾಹಕರನ್ನು ಸಂಪರ್ಕಿಸಿ!"
+      },
      "verificationFailed": {
        "title": "ಒಂದು ತಪ್ಪು ನಡೆದಿದೆ!",
        "goBackButton": "ಹಿಂದೆ ಹೋಗು",
--- a/locales/tam.json
+++ b/locales/tam.json
@@ -224,6 +224,10 @@
        "title": "பிழை ஏற்பட்டது!",
        "message": "உங்கள் பொறுமைக்கு நன்றி! நாங்கள் தற்போது தொழில்நுட்ப சிக்கல்களை எதிர்கொள்கிறோம். பிறகு முயற்சிக்கவும் அல்லது கூடுதல் உதவிக்கு நிர்வாகியைத் தொடர்பு கொள்ளவும்!"
      },
+      "authorizationGrantTypeNotSupportedByWallet": {
+        "title": "கிராண்ட் வகை ஆதரிக்கப்படவில்லை அங்கீகார பிழை!",
+        "message": "உங்கள் பொறுமைக்கு நன்றி! நாங்கள் தற்போது தொழில்நுட்ப சிக்கல்களை எதிர்கொள்கிறோம். பிறகு முயற்சிக்கவும் அல்லது கூடுதல் உதவிக்கு நிர்வாகியைத் தொடர்பு கொள்ளவும்!"
+      },
      "verificationFailed": {
        "title": "ஒரு பிழை ஏற்பட்டது!",
        "goBackButton": "திரும்பி செல்",
--- a/machines/Issuers/IssuersActions.ts
+++ b/machines/Issuers/IssuersActions.ts
@@ -1,6 +1,7 @@
 import {
  ErrorMessage,
  Issuers_Key_Ref,
+  OIDCErrors,
  selectCredentialRequestKey,
 } from '../../shared/openId4VCI/Utils';
 import {
@@ -103,7 +104,7 @@ export const IssuersActions = (model: any) => {

    setError: model.assign({
      errorMessage: (_: any, event: any) => {
-        console.error('Error occurred ', event.data.message);
+        console.error(`Error occurred while ${event} -> `, event.data.message);
        const error = event.data.message;
        if (error.includes(NETWORK_REQUEST_FAILED)) {
          return ErrorMessage.NO_INTERNET;
@@ -111,6 +112,9 @@ export const IssuersActions = (model: any) => {
        if (error.includes(REQUEST_TIMEOUT)) {
          return ErrorMessage.REQUEST_TIMEDOUT;
        }
+        if (error.includes(OIDCErrors.AUTHORIZATION_ENDPOINT_DISCOVERY.GRANT_TYPE_NOT_SUPPORTED)) {
+          return ErrorMessage.AUTHORIZATION_GRANT_TYPE_NOT_SUPPORTED;
+        }
        return ErrorMessage.GENERIC;
      },
    }),
@@ -239,7 +243,13 @@ export const IssuersActions = (model: any) => {
        credential_endpoint: event.data.credential_endpoint,
        credential_configurations_supported:
          event.data.credential_configurations_supported,
-        authorization_servers: event.data.authorization_servers,
+      }),
+    }),
+
+    updateAuthorizationEndpoint: model.assign({
+      selectedIssuer: (context: any, event: any) => ({
+        ...context.selectedIssuer,
+        authorizationEndpoint: event.data,
      }),
    }),

--- a/machines/Issuers/IssuersGuards.ts
+++ b/machines/Issuers/IssuersGuards.ts
@@ -33,7 +33,14 @@ export const IssuersGuards = () => {
      return (
        !!event.data &&
        typeof event.data.toString === 'function' &&
-        event.data.toString().includes(OIDCErrors.OIDC_CONFIG_ERROR_PREFIX)
+        event.data.toString()(OIDCErrors.OIDC_CONFIG_ERROR_PREFIX)
+      );
+    },
+    isGrantTypeNotSupportedError: (_: any, event: any) => {
+      return (
+        !!event.data &&
+        event.data.toString() ===
+          OIDCErrors.AUTHORIZATION_ENDPOINT_DISCOVERY.GRANT_TYPE_NOT_SUPPORTED
      );
    },
    canSelectIssuerAgain: (context: any) => {
--- a/machines/Issuers/IssuersMachine.ts
+++ b/machines/Issuers/IssuersMachine.ts
@@ -142,7 +142,46 @@ export const IssuersMachine = model.createMachine(
          },
          SELECTED_CREDENTIAL_TYPE: {
            actions: 'setSelectedCredentialType',
-            target: 'checkInternet',
+            target: 'fetchAuthorizationEndpoint',
+          },
+        },
+      },
+      fetchAuthorizationEndpoint: {
+        invoke: {
+          src: 'fetchAuthorizationEndpoint',
+          onDone: [
+            {
+              actions: 'updateAuthorizationEndpoint',
+              target: 'checkInternet',
+            },
+          ],
+          onError: {
+            actions: ['setError', 'resetLoadingReason'],
+            target: '.error',
+          },
+        },
+        initial: 'idle',
+        states: {
+          idle: {},
+          error: {
+            on: {
+              TRY_AGAIN: [
+                {
+                  description:
+                    'issuer and credential type is selected by the user',
+                  actions: ['setLoadingReasonAsSettingUp', 'resetError'],
+                  target: '#issuersMachine.fetchAuthorizationEndpoint',
+                },
+              ],
+              RESET_ERROR: [
+                {
+                  description:
+                    'issuer and credential type is selected by the user',
+                  actions: ['setLoadingReasonAsSettingUp', 'resetError'],
+                  target: '#issuersMachine.selectingCredentialType',
+                },
+              ],
+            },
          },
        },
      },
@@ -483,7 +522,6 @@ export interface displayType {
 }

 export interface issuerType {
-  authorization_servers: [string];
  credential_issuer: string;
  protocol: string;
  client_id: string;
@@ -496,4 +534,5 @@ export interface issuerType {
  credential_configurations_supported: object;
  display: [displayType];
  credentialTypes: [CredentialTypes];
+  authorizationEndpoint: string;
 }
--- a/machines/Issuers/IssuersMachine.typegen.ts
+++ b/machines/Issuers/IssuersMachine.typegen.ts
@@ -33,6 +33,11 @@ export interface Typegen0 {
      data: unknown;
      __tip: 'See the XState TS docs to learn how to strongly type this.';
    };
+    'done.invoke.issuersMachine.fetchAuthorizationEndpoint:invocation[0]': {
+      type: 'done.invoke.issuersMachine.fetchAuthorizationEndpoint:invocation[0]';
+      data: unknown;
+      __tip: 'See the XState TS docs to learn how to strongly type this.';
+    };
    'done.invoke.issuersMachine.generateKeyPair:invocation[0]': {
      type: 'done.invoke.issuersMachine.generateKeyPair:invocation[0]';
      data: unknown;
@@ -83,6 +88,10 @@ export interface Typegen0 {
      type: 'error.platform.issuersMachine.downloadIssuerWellknown:invocation[0]';
      data: unknown;
    };
+    'error.platform.issuersMachine.fetchAuthorizationEndpoint:invocation[0]': {
+      type: 'error.platform.issuersMachine.fetchAuthorizationEndpoint:invocation[0]';
+      data: unknown;
+    };
    'error.platform.issuersMachine.performAuthorization.getKeyPairFromKeystore:invocation[0]': {
      type: 'error.platform.issuersMachine.performAuthorization.getKeyPairFromKeystore:invocation[0]';
      data: unknown;
@@ -107,6 +116,7 @@ export interface Typegen0 {
    downloadCredentialTypes: 'done.invoke.issuersMachine.downloadCredentialTypes:invocation[0]';
    downloadIssuerWellknown: 'done.invoke.issuersMachine.downloadIssuerWellknown:invocation[0]';
    downloadIssuersList: 'done.invoke.issuersMachine.displayIssuers:invocation[0]';
+    fetchAuthorizationEndpoint: 'done.invoke.issuersMachine.fetchAuthorizationEndpoint:invocation[0]';
    generateKeyPair: 'done.invoke.issuersMachine.generateKeyPair:invocation[0]';
    getKeyOrderList: 'done.invoke.issuersMachine.performAuthorization.setSelectedKey:invocation[0]';
    getKeyPair: 'done.invoke.issuersMachine.performAuthorization.getKeyPairFromKeystore:invocation[0]';
@@ -121,10 +131,10 @@ export interface Typegen0 {
      | 'loadKeyPair'
      | 'logDownloaded'
      | 'resetError'
-      | 'resetIsVerified'
      | 'resetLoadingReason'
      | 'resetSelectedCredentialType'
      | 'resetVerificationErrorMessage'
+      | 'resetVerificationResult'
      | 'sendBackupEvent'
      | 'sendDownloadingFailedToVcMeta'
      | 'sendErrorEndEvent'
@@ -134,7 +144,6 @@ export interface Typegen0 {
      | 'setCredentialWrapper'
      | 'setError'
      | 'setFetchWellknownError'
-      | 'setIsVerified'
      | 'setIssuers'
      | 'setLoadingReasonAsDisplayIssuers'
      | 'setLoadingReasonAsDownloadingCredentials'
@@ -152,11 +161,13 @@ export interface Typegen0 {
      | 'setTokenResponse'
      | 'setVCMetadata'
      | 'setVerifiableCredential'
+      | 'setVerificationResult'
      | 'storeKeyPair'
      | 'storeVcMetaContext'
      | 'storeVcsContext'
      | 'storeVerifiableCredentialData'
      | 'storeVerifiableCredentialMeta'
+      | 'updateAuthorizationEndpoint'
      | 'updateIssuerFromWellknown'
      | 'updateSelectedIssuerWellknownResponse'
      | 'updateVerificationErrorMessage';
@@ -180,6 +191,7 @@ export interface Typegen0 {
      | 'downloadCredentialTypes'
      | 'downloadIssuerWellknown'
      | 'downloadIssuersList'
+      | 'fetchAuthorizationEndpoint'
      | 'generateKeyPair'
      | 'getKeyOrderList'
      | 'getKeyPair'
@@ -198,7 +210,6 @@ export interface Typegen0 {
      | 'RESET_ERROR'
      | 'TRY_AGAIN'
      | 'error.platform.issuersMachine.performAuthorization:invocation[0]';
-    resetIsVerified: 'error.platform.issuersMachine.verifyingCredential:invocation[0]';
    resetLoadingReason:
      | 'RESET_ERROR'
      | 'done.invoke.checkInternet'
@@ -206,6 +217,7 @@ export interface Typegen0 {
      | 'error.platform.issuersMachine.downloadCredentialTypes:invocation[0]'
      | 'error.platform.issuersMachine.downloadCredentials:invocation[0]'
      | 'error.platform.issuersMachine.downloadIssuerWellknown:invocation[0]'
+      | 'error.platform.issuersMachine.fetchAuthorizationEndpoint:invocation[0]'
      | 'error.platform.issuersMachine.performAuthorization.getKeyPairFromKeystore:invocation[0]'
      | 'error.platform.issuersMachine.performAuthorization.setSelectedKey:invocation[0]'
      | 'error.platform.issuersMachine.performAuthorization:invocation[0]'
@@ -217,6 +229,7 @@ export interface Typegen0 {
      | 'error.platform.issuersMachine.performAuthorization.setSelectedKey:invocation[0]'
      | 'error.platform.issuersMachine.performAuthorization:invocation[0]';
    resetVerificationErrorMessage: 'RESET_VERIFY_ERROR';
+    resetVerificationResult: 'error.platform.issuersMachine.verifyingCredential:invocation[0]';
    sendBackupEvent: 'done.invoke.issuersMachine.storing:invocation[0]';
    sendDownloadingFailedToVcMeta:
      | 'error.platform.issuersMachine.downloadCredentials:invocation[0]'
@@ -231,11 +244,11 @@ export interface Typegen0 {
    setError:
      | 'error.platform.issuersMachine.displayIssuers:invocation[0]'
      | 'error.platform.issuersMachine.downloadCredentials:invocation[0]'
+      | 'error.platform.issuersMachine.fetchAuthorizationEndpoint:invocation[0]'
      | 'error.platform.issuersMachine.performAuthorization.getKeyPairFromKeystore:invocation[0]'
      | 'error.platform.issuersMachine.performAuthorization.setSelectedKey:invocation[0]'
      | 'error.platform.issuersMachine.performAuthorization:invocation[0]';
    setFetchWellknownError: 'error.platform.issuersMachine.downloadIssuerWellknown:invocation[0]';
-    setIsVerified: 'done.invoke.issuersMachine.verifyingCredential:invocation[0]';
    setIssuers: 'done.invoke.issuersMachine.displayIssuers:invocation[0]';
    setLoadingReasonAsDisplayIssuers: 'TRY_AGAIN';
    setLoadingReasonAsDownloadingCredentials:
@@ -244,6 +257,7 @@ export interface Typegen0 {
      | 'done.invoke.issuersMachine.performAuthorization.getKeyPairFromKeystore:invocation[0]'
      | 'error.platform.issuersMachine.performAuthorization.getKeyPairFromKeystore:invocation[0]';
    setLoadingReasonAsSettingUp:
+      | 'RESET_ERROR'
      | 'SELECTED_ISSUER'
      | 'TRY_AGAIN'
      | 'done.invoke.issuersMachine.performAuthorization:invocation[0]';
@@ -264,6 +278,7 @@ export interface Typegen0 {
      | 'done.invoke.issuersMachine.verifyingCredential:invocation[0]'
      | 'error.platform.issuersMachine.verifyingCredential:invocation[0]';
    setVerifiableCredential: 'done.invoke.issuersMachine.downloadCredentials:invocation[0]';
+    setVerificationResult: 'done.invoke.issuersMachine.verifyingCredential:invocation[0]';
    storeKeyPair: 'done.invoke.issuersMachine.generateKeyPair:invocation[0]';
    storeVcMetaContext:
      | 'done.invoke.issuersMachine.verifyingCredential:invocation[0]'
@@ -277,6 +292,7 @@ export interface Typegen0 {
    storeVerifiableCredentialMeta:
      | 'done.invoke.issuersMachine.verifyingCredential:invocation[0]'
      | 'error.platform.issuersMachine.verifyingCredential:invocation[0]';
+    updateAuthorizationEndpoint: 'done.invoke.issuersMachine.fetchAuthorizationEndpoint:invocation[0]';
    updateIssuerFromWellknown: 'done.invoke.issuersMachine.downloadIssuerWellknown:invocation[0]';
    updateSelectedIssuerWellknownResponse: 'done.invoke.issuersMachine.downloadIssuerWellknown:invocation[0]';
    updateVerificationErrorMessage: 'error.platform.issuersMachine.verifyingCredential:invocation[0]';
@@ -300,14 +316,15 @@ export interface Typegen0 {
  };
  eventsCausingServices: {
    checkInternet:
-      | 'SELECTED_CREDENTIAL_TYPE'
-      | 'done.invoke.issuersMachine.downloadCredentialTypes:invocation[0]';
+      | 'done.invoke.issuersMachine.downloadCredentialTypes:invocation[0]'
+      | 'done.invoke.issuersMachine.fetchAuthorizationEndpoint:invocation[0]';
    downloadCredential:
      | 'done.invoke.issuersMachine.checkKeyPair:invocation[0]'
      | 'done.invoke.issuersMachine.generateKeyPair:invocation[0]';
    downloadCredentialTypes: 'done.invoke.issuersMachine.downloadIssuerWellknown:invocation[0]';
    downloadIssuerWellknown: 'SELECTED_ISSUER' | 'TRY_AGAIN';
    downloadIssuersList: 'CANCEL' | 'TRY_AGAIN' | 'xstate.init';
+    fetchAuthorizationEndpoint: 'SELECTED_CREDENTIAL_TYPE';
    generateKeyPair: 'done.invoke.issuersMachine.checkKeyPair:invocation[0]';
    getKeyOrderList: 'done.invoke.issuersMachine.performAuthorization:invocation[0]';
    getKeyPair:
@@ -333,6 +350,9 @@ export interface Typegen0 {
    | 'downloadCredentials.userCancelledBiometric'
    | 'downloadIssuerWellknown'
    | 'error'
+    | 'fetchAuthorizationEndpoint'
+    | 'fetchAuthorizationEndpoint.error'
+    | 'fetchAuthorizationEndpoint.idle'
    | 'generateKeyPair'
    | 'handleVCVerificationFailure'
    | 'idle'
@@ -347,6 +367,7 @@ export interface Typegen0 {
    | 'verifyingCredential'
    | {
        downloadCredentials?: 'idle' | 'userCancelledBiometric';
+        fetchAuthorizationEndpoint?: 'error' | 'idle';
        performAuthorization?:
          | 'getKeyPairFromKeystore'
          | 'idle'
--- a/machines/Issuers/IssuersService.ts
+++ b/machines/Issuers/IssuersService.ts
@@ -6,6 +6,7 @@ import {
  constructIssuerMetaData,
  constructProofJWT,
  hasKeyPair,
+  OIDCErrors,
  updateCredentialInformation,
  vcDownloadTimeout,
 } from '../../shared/openId4VCI/Utils';
@@ -60,6 +61,31 @@ export const IssuersService = () => {

      return credentialTypes;
    },
+    fetchAuthorizationEndpoint: async (context: any) => {
+      /**
+       * Incase of multiple entries of authorization_servers, each element is iterated and metadata check is made for support with wallet.
+       * For now, its been kept as getting first entry and checking for matching grant_types_supported
+       */
+      const authorizationServer =
+        context.selectedIssuerWellknownResponse['authorization_servers'][0];
+      const authorizationServerMetadata =
+        await CACHED_API.fetchIssuerAuthorizationServerMetadata(
+          authorizationServer,
+        );
+      const SUPPORTED_GRANT_TYPES = ['authorization_code'];
+      if (
+        (
+          authorizationServerMetadata['grant_types_supported'] as Array<string>
+        ).filter(grantType => SUPPORTED_GRANT_TYPES.includes(grantType))
+          .length === 0
+      ) {
+        throw new Error(
+          OIDCErrors.AUTHORIZATION_ENDPOINT_DISCOVERY.GRANT_TYPE_NOT_SUPPORTED,
+        );
+      }
+
+      return authorizationServerMetadata['authorization_endpoint'];
+    },
    downloadCredential: async (context: any) => {
      const downloadTimeout = await vcDownloadTimeout();
      const accessToken: string = context.tokenResponse?.accessToken;
--- a/screens/Issuers/IssuersScreen.tsx
+++ b/screens/Issuers/IssuersScreen.tsx
@@ -101,7 +101,9 @@ export const IssuersScreen: React.FC<
    return (
      controller.errorMessageType === ErrorMessage.TECHNICAL_DIFFICULTIES ||
      controller.errorMessageType ===
-        ErrorMessage.CREDENTIAL_TYPE_DOWNLOAD_FAILURE
+        ErrorMessage.CREDENTIAL_TYPE_DOWNLOAD_FAILURE ||
+      controller.errorMessageType ===
+        ErrorMessage.AUTHORIZATION_GRANT_TYPE_NOT_SUPPORTED
    );
  }

@@ -213,7 +215,9 @@ export const IssuersScreen: React.FC<
        showClose
        primaryButtonTestID="tryAgain"
        primaryButtonText={
-          controller.errorMessageType != ErrorMessage.TECHNICAL_DIFFICULTIES
+          controller.errorMessageType != ErrorMessage.TECHNICAL_DIFFICULTIES &&
+          controller.errorMessageType !=
+            ErrorMessage.AUTHORIZATION_GRANT_TYPE_NOT_SUPPORTED
            ? 'tryAgain'
            : undefined
        }
--- a/shared/api.ts
+++ b/shared/api.ts
@@ -15,7 +15,7 @@ import {
  sendImpressionEvent,
 } from './telemetry/TelemetryUtils';
 import {TelemetryConstants} from './telemetry/TelemetryConstants';
-import NetInfo, {NetInfoState} from '@react-native-community/netinfo';
+import NetInfo from '@react-native-community/netinfo';

 export const API_URLS: ApiUrls = {
  trustedVerifiersList: {
@@ -36,6 +36,11 @@ export const API_URLS: ApiUrls = {
    buildURL: (issuerId: string): `/${string}` =>
      `/v1/mimoto/issuers/${issuerId}/well-known-proxy`,
  },
+  authorizationServerMetadataConfig: {
+    method: 'GET',
+    buildURL: (authorizationServerUrl: string): string =>
+      `${authorizationServerUrl}/.well-known/oauth-authorization-server`,
+  },
  allProperties: {
    method: 'GET',
    buildURL: (): `/${string}` => '/v1/mimoto/allProperties',
@@ -125,6 +130,15 @@ export const API = {
    );
    return response;
  },
+  fetchAuthorizationServerMetadata: async (authorizationServerUrl: string) => {
+    const response = await request(
+      API_URLS.authorizationServerMetadataConfig.method,
+      API_URLS.authorizationServerMetadataConfig.buildURL(authorizationServerUrl),
+      undefined,
+      '',
+    );
+    return response;
+  },
  fetchAllProperties: async () => {
    const response = await request(
      API_URLS.allProperties.method,
@@ -170,6 +184,21 @@ export const CACHED_API = {
      fetchCall: API.fetchIssuerWellknownConfig.bind(null, issuerId),
    }),

+  fetchIssuerAuthorizationServerMetadata: (
+    authorizationServerUrl: string,
+    isCachePreferred: boolean = false,
+  ) =>
+    generateCacheAPIFunction({
+      isCachePreferred,
+      cacheKey: API_CACHED_STORAGE_KEYS.fetchIssuerAuthorizationServerMetadata(
+        authorizationServerUrl,
+      ),
+      fetchCall: API.fetchAuthorizationServerMetadata.bind(
+        null,
+        authorizationServerUrl,
+      ),
+    }),
+
  getAllProperties: (isCachePreferred: boolean) =>
    generateCacheAPIFunction({
      isCachePreferred,
@@ -257,7 +286,7 @@ async function generateCacheAPIFunctionWithAPIPreference(
      onErrorHardCodedValue != undefined
    }`);

-    console.log(error);
+    console.error(`The error in fetching api ${cacheKey}`,error);
    var response=null;
    if(!(await NetInfo.fetch()).isConnected){
       response = await getItem(cacheKey, null, '');
@@ -316,6 +345,7 @@ type ApiUrls = {
  issuersList: Api_Params;
  issuerConfig: Api_Params;
  issuerWellknownConfig: Api_Params;
+  authorizationServerMetadataConfig: Api_Params;
  allProperties: Api_Params;
  getIndividualId: Api_Params;
  reqIndividualOTP: Api_Params;
--- a/shared/constants.ts
+++ b/shared/constants.ts
@@ -69,6 +69,8 @@ export const API_CACHED_STORAGE_KEYS = {
    `CACHE_FETCH_ISSUER_CONFIG_${issuerId}`,
  fetchIssuerWellknownConfig: (issuerId: string) =>
    `CACHE_FETCH_ISSUER_WELLKNOWN_CONFIG_${issuerId}`,
+  fetchIssuerAuthorizationServerMetadata: (authorizationServerUrl: string) =>
+      `CACHE_FETCH_ISSUER_AUTHORIZATION_SERVER_METADATA_${authorizationServerUrl}`,
  fetchTrustedVerifiers: 'CACHE_FETCH_TRUSTED_VERIFIERS',
 };

--- a/shared/openId4VCI/Utils.ts
+++ b/shared/openId4VCI/Utils.ts
@@ -150,8 +150,7 @@ export const constructAuthorizationConfiguration = (
    redirectUrl: selectedIssuer.redirect_uri,
    additionalParameters: {ui_locales: i18n.language},
    serviceConfiguration: {
-      authorizationEndpoint:
-        selectedIssuer.authorization_servers[0] + '/authorize',
+      authorizationEndpoint: selectedIssuer.authorizationEndpoint,
      tokenEndpoint: selectedIssuer.token_endpoint,
    },
  };
@@ -255,13 +254,17 @@ export const vcDownloadTimeout = async (): Promise<number> => {
 };

 // OIDCErrors is a collection of external errors from the OpenID library or the issuer
-export enum OIDCErrors {
-  OIDC_FLOW_CANCELLED_ANDROID = 'User cancelled flow',
-  OIDC_FLOW_CANCELLED_IOS = 'org.openid.appauth.general error -3',
+export const OIDCErrors = {
+  OIDC_FLOW_CANCELLED_ANDROID : 'User cancelled flow',
+  OIDC_FLOW_CANCELLED_IOS : 'org.openid.appauth.general error -3',

-  INVALID_TOKEN_SPECIFIED = 'Invalid token specified',
-  OIDC_CONFIG_ERROR_PREFIX = 'Config error',
-}
+  INVALID_TOKEN_SPECIFIED: 'Invalid token specified',
+  OIDC_CONFIG_ERROR_PREFIX: 'Config error',
+
+  AUTHORIZATION_ENDPOINT_DISCOVERY: {
+    GRANT_TYPE_NOT_SUPPORTED: 'Grant type not supported by Wallet',
+  },
+};

 // ErrorMessage is the type of error message shown in the UI

@@ -272,6 +275,7 @@ export enum ErrorMessage {
  BIOMETRIC_CANCELLED = 'biometricCancelled',
  TECHNICAL_DIFFICULTIES = 'technicalDifficulty',
  CREDENTIAL_TYPE_DOWNLOAD_FAILURE = 'credentialTypeListDownloadFailure',
+  AUTHORIZATION_GRANT_TYPE_NOT_SUPPORTED = 'authorizationGrantTypeNotSupportedByWallet',
 }

 export async function constructProofJWT(